using configmap to configure calico cni config (#10177)

Signed-off-by: cyclinder qifeng.guo@daocloud.io

Signed-off-by: cyclinder qifeng.guo@daocloud.io

roles/network_plugin/calico/tasks/install.yml

@@ -16,15 +16,6 @@
     mode: 0755
     remote_src: yes
 
-- name: Calico | Write Calico cni config
-  template:
-    src: "cni-calico.conflist.j2"
-    dest: "/etc/cni/net.d/calico.conflist.template"
-    mode: 0644
-    owner: root
-  register: calico_conflist
-  notify: reset_calico_cni
-
 - name: Calico | Create calico certs directory
   file:
     dest: "{{ calico_cert_dir }}"

roles/network_plugin/calico/templates/calico-config.yml.j2

@@ -25,3 +25,87 @@ data:
 {% if inventory_hostname in groups['k8s_cluster'] and peer_with_router|default(false) %}
   as: "{{ local_as|default(global_as_num) }}"
 {% endif -%}
+  # The CNI network configuration to install on each node. The special
+  # values in this config will be automatically populated.
+  cni_network_config: |-
+    {
+      "name": "{{ calico_cni_name }}",
+      "cniVersion":"0.3.1",
+      "plugins":[
+        {
+          {% if calico_datastore == "kdd" %}
+            "datastore_type": "kubernetes",
+            "nodename": "__KUBERNETES_NODE_NAME__",
+          {% else %}
+          {% if cloud_provider is defined %}
+            "nodename": "{{ calico_kubelet_name.stdout }}",
+            {% else %}
+            "nodename": "{{ calico_baremetal_nodename }}",
+          {% endif %}
+          {% endif %}
+            "type": "calico",
+            "log_level": "info",
+          {% if calico_cni_log_file_path %}
+            "log_file_path": "{{ calico_cni_log_file_path }}",
+          {% endif %}
+          {% if calico_datastore == "etcd" %}
+            "etcd_endpoints": "{{ etcd_access_addresses }}",
+            "etcd_cert_file": "{{ calico_cert_dir }}/cert.crt",
+            "etcd_key_file": "{{ calico_cert_dir }}/key.pem",
+            "etcd_ca_cert_file": "{{ calico_cert_dir }}/ca_cert.crt",
+          {% endif %}
+          {% if calico_ipam_host_local is defined %}
+            "ipam": {
+              "type": "host-local",
+              "subnet": "usePodCidr"
+            },
+            {% else %}
+            "ipam": {
+              "type": "calico-ipam",
+              {%   if enable_dual_stack_networks %}
+              "assign_ipv6": "true",
+              {%   endif %}
+              "assign_ipv4": "true"
+            },
+          {% endif %}
+          {% if calico_allow_ip_forwarding %}
+            "container_settings": {
+              "allow_ip_forwarding": true
+            },
+          {% endif %}
+          {% if (calico_feature_control is defined) and (calico_feature_control|length > 0) %}
+            "feature_control": {
+              {% for fc in calico_feature_control -%}
+              {% set fcval = calico_feature_control[fc] -%}
+                "{{ fc }}": {{ (fcval | string | lower) if (fcval == true or fcval == false) else "\"" + fcval + "\"" }}{{ "," if not loop.last else "" }}
+              {% endfor -%}
+              {{- "" }}
+            },
+          {% endif %}
+          {% if enable_network_policy %}
+            "policy": {
+              "type": "k8s"
+            },
+          {% endif %}
+          {% if calico_mtu is defined and calico_mtu is number %}
+            "mtu": {{ calico_mtu }},
+          {% endif %}
+            "kubernetes": {
+              "kubeconfig": "__KUBECONFIG_FILEPATH__"
+            }
+        },
+        {
+          "type":"portmap",
+          "capabilities": {
+            "portMappings": true
+          }
+        },
+        {
+          "type":"bandwidth",
+          "capabilities": {
+            "bandwidth": true
+          }
+        }
+      ]
+    }
+

roles/network_plugin/calico/templates/calico-node.yml.j2

@@ -80,15 +80,18 @@ spec:
               name: kubernetes-services-endpoint
               optional: true
           env:
+            # The CNI network config to install on each node.
+            - name: CNI_NETWORK_CONFIG
+              valueFrom:
+                configMapKeyRef:
+                  name: calico-config
+                  key: cni_network_config
             # Name of the CNI config file to create.
             - name: CNI_CONF_NAME
               value: "10-calico.conflist"
             # Install CNI binaries
             - name: UPDATE_CNI_BINARIES
               value: "true"
-            # The CNI network config to install on each node.
-            - name: CNI_NETWORK_CONFIG_FILE
-              value: "/host/etc/cni/net.d/calico.conflist.template"
             # Prevents the container from sleeping forever.
             - name: SLEEP
               value: "false"

roles/network_plugin/calico/templates/cni-calico.conflist.j2

@@ -1,86 +0,0 @@
-{
-  "name": "{{ calico_cni_name }}",
-  "cniVersion":"0.3.1",
-  "plugins":[
-    {
-{% if calico_datastore == "kdd" %}
-      "datastore_type": "kubernetes",
-      "nodename": "__KUBERNETES_NODE_NAME__",
-{% else %}
-{% if cloud_provider is defined %}
-      "nodename": "{{ calico_kubelet_name.stdout }}",
-{% else %}
-      "nodename": "{{ calico_baremetal_nodename }}",
-{% endif %}
-{% endif %}
-      "type": "calico",
-      "log_level": "info",
-{% if calico_cni_log_file_path %}
-      "log_file_path": "{{ calico_cni_log_file_path }}",
-{% endif %}
-{% if calico_datastore == "etcd" %}
-      "etcd_endpoints": "{{ etcd_access_addresses }}",
-      "etcd_cert_file": "{{ calico_cert_dir }}/cert.crt",
-      "etcd_key_file": "{{ calico_cert_dir }}/key.pem",
-      "etcd_ca_cert_file": "{{ calico_cert_dir }}/ca_cert.crt",
-{% endif %}
-{% if calico_ipam_host_local is defined %}
-      "ipam": {
-        "type": "host-local",
-        "subnet": "usePodCidr"
-      },
-{% else %}
-      "ipam": {
-        "type": "calico-ipam",
-{%   if enable_dual_stack_networks %}
-        "assign_ipv6": "true",
-{%      if calico_cni_pool_ipv6 %}
-        "ipv6_pools": ["{{ calico_pool_cidr_ipv6 | default(kube_pods_subnet_ipv6) }}"],
-{%      endif %}
-{%   endif %}
-{%      if calico_cni_pool %}
-        "ipv4_pools": ["{{ calico_pool_cidr | default(kube_pods_subnet) }}"],
-{%      endif %}
-        "assign_ipv4": "true"
-      },
-{% endif %}
-{% if calico_allow_ip_forwarding %}
-      "container_settings": {
-        "allow_ip_forwarding": true
-      },
-{% endif %}
-{% if (calico_feature_control is defined) and (calico_feature_control|length > 0) %}
-      "feature_control": {
-        {% for fc in calico_feature_control -%}
-        {% set fcval = calico_feature_control[fc] -%}
-          "{{ fc }}": {{ (fcval | string | lower) if (fcval == true or fcval == false) else "\"" + fcval + "\"" }}{{ "," if not loop.last else "" }}
-        {% endfor -%}
-      {{- "" }}
-      },
-{% endif %}
-{% if enable_network_policy %}
-      "policy": {
-        "type": "k8s"
-      },
-{% endif %}
-{% if calico_mtu is defined and calico_mtu is number %}
-      "mtu": {{ calico_mtu }},
-{% endif %}
-      "kubernetes": {
-        "kubeconfig": "__KUBECONFIG_FILEPATH__"
-      }
-    },
-    {
-      "type":"portmap",
-      "capabilities": {
-        "portMappings": true
-      }
-    },
-    {
-      "type":"bandwidth",
-      "capabilities": {
-        "bandwidth": true
-      }
-    }
-  ]
-}